When you boss has done something very wrong... 2

[Stevehewitt]

All,

I have a dilema.

I have been at this company for 4 months, and i'm the first network admin they have employeed. (We are a web development house).

My reporting line is:


MD
|_ Head of Tech Services (operations!)
|
|_ Technical Project Manager
|
|_ Me (network admin)

Before my time, the company has a AUP policy in place which states the usual - including no porn.

However, today I had to go onto my managers machine as he is the only one in the company with one of our client FTP website details. We had emergency work to do today and he is on holiday.
To get the details I used a cracking tool which dumps all passwords in IE along with some other bit's and pieces.

From this I can see a number of pornographic websites that he has been too. His PC has a rather a lot of spyware, and I believe has (or did have) P2P on it as well. I have also removed a couple of porn dialler from this machine recently too.

What am I to do? Tell my boss? Tell his boss? Stay quiet?

I've been in this situation before, but I have been reporting to the IT director or MD - and it was another employee being naughty. I simply informed HR and that was that.

We are too small a company (25 people) to have a decicated HR dept - and as it's my manager I am rather stuck.

Steve.

"They have the internet on computers now!" - Homer Simpson

 

[pgmr777]

Had the same thing happen, but I liked my job so I let it go, not my business...

 

[SQLBill]

Scenerio: Person on the network visits unauthorized sites. You are the network admin and find about it. You then do nothing. Person goes to unauthorized site that has malicious code. Network is compromised and data is lost. (Look in the news...it's happening daily). The company has to spend lots of money fixing the problem and has lost money/reputation due to the breach. Now the owner finds out you knew about this person's activity long ago and even though you knew the company's policy, you DID NOTHING. Think you might get sued for their loss?

-SQLBill

Posting advice: FAQ481-4875

 

[MeGustaXL]

I think that BJCooperIT and ECAR have the answer between them!

[not really serious]

Send the work order form to your scumbag 'boss' listing the scrubbing you did, requesting his authorising signature and $1.5M in small bills - Problem sorted!

[/not really serious]

[serious now]
Or just go to the top and grass him up.
[/serious now]


Chris

Varium et mutabile semper Excel

http://www.insys-ltd.co.uk

 

[MeGustaXL]

Well, there you go...

I tried to read the thread that Stella pointed us to, and the company firewall blocked it saying "Block questionable words or phrases" - What the flapping bat does it say??

Chris

Varium et mutabile semper Excel

http://www.insys-ltd.co.uk

 

[Stella740pl]

Read it at home then?

 

[spamly]

To be honest, I don't see this as a "very, very wrong" situation. If the websites are so bad that it involves a legal situation, then you've got a problem. Otherwise he sounds like just another idiot going to places he shouldn't on the internet. EVERY company has to deal with stuff like this.

You could just tell him that while you were working on his computer you discovered there's some evidence of unauthorized websites on his computer. Tell him that you cleaned it up (if you did) and that he should be more careful where he browses in the future.

There. You didn't mention the dreaded "porn" word and he'd get the point.

 

[AlexCuse]

Hey, at least he's not wasting his whole day on tek-tips!

I agree with spamly, I think it's more of an embarassing situation than 'very wrong'. However, I can understand how it must feel knowing that you're busting your @$$ and your boss is sitting looking at porn. The way to handle the situation seems to depend most on how much you like or dislike your boss...

No matter how you handle it though, you do need to stop the browsing one way or another (See SQLBill's post)

GOod luck,

Alex



It's a magical time of year in Philadelphia. Eagles training camp marks the end of another brutal season of complaining about the Phillies.

 

[lespaul]

So, Steve, what did you end up doing, if anything?

 

[Stevehewitt]

Hi all,

Thanks for your input. In the end I took the chicken approach and did nothing.

Overall I'm considoring my position in the company anyway. The ethos is that generally I do not have the authority required to do my job effectivly (e.g. senior management can't see what I am doing so they are getting restless and my line manager is putting blocks on things that would benifit the company such as removing local admin rights or implementing a web filter)

Thanks again for all your help - my appreciated.

Cheers,




Steve.

"They have the internet on computers now!" - Homer Simpson

 

[aarenot]

well, having a sister in hr, i asked her about this.

she said that one of the reasons policies about porn are put in place is to limit the companies exposure to hostile environment sexual harrassment charges. this limit is only valid if the policy is enforced when known violations occur.

she also said that while violating the policy may not be sexual harrassment, if the content is seen by anyone else, and is justifiably objectionable that may constitute hostile environment sexual harrassment. the company can limit their exposure by dealing with the situation as a hostile environment sexual harrassment occurrence by the perpetrator. if they do not deal with this as such, then they may open themselves to the charge.

sorry to play the heavy, but it seems you could be in the middle of this situation, if you actually saw the porn. you might want to read your companies policy on porn, and sexual harrassment, and see what your obligations are here.

you also might want to propose limiting access to these sites based on these possibilities as a liability limiting action, without referring to this particular situation.

my sister suggested finding some sexual harrassment reading on the subject, and comment on it to your boss, as a possible situation which limiting access might help avoid. then leave him the article for his review.

she also said cya to prove you did not access this content yourself while in his pc.





You do not always get what you pay for, but you never get what you do not pay for.

 

[Stevehewitt]

Hey,

Thanks for that.

I know it was accessed - I used a cracking tool that shows all saved passwords within IE. There were a number (6 or 7) that showed the URL, username and password for the account that I was in - my managers.

One URL maybe, but as there were multiple sexual URL's along with account details it seems pretty obvious what is going on.

However I didn't personally view the sites or any porn.

You mention limiting access to these sites. This is a major problem -as we have the technology but not the licence. The licence is about £150 or thereabouts but my manager said no to it even after I raised concerns. (argument was that develoeprs may use forums with bad language or even adult keywords / banner ads in them which would stop them from doing their jobs - poor excuse isn't it..!)

Thanks again,




Steve.

"They have the internet on computers now!" - Homer Simpson

 

[Dollie]

If you know the URL's, and if he's using IE (which it sounds like from all the spyware)... add the URL's to the restricted sites section in the options.

If he's like most users, he'll never know it's there.

 

[jrbarnett]

Steve

Just a quick idea, something I remember from employer before last (which is something we implemented, far cheaper than a content blocker license and uses far fewer server resources overall).

Presumably your external internet connection is via a proxy server on your network. All that you need to do is get hold of one of the hosts files of dodgy sites and implement it on the server. As the proxy will resolve each address, it will resolve to localhost which will result in a "Page cannot be displayed" messages for anybody who tries to look at it or pages with popups/ads from them in it. The only disadvantage is that its fairly obvious blocking is taking place.

Details at

http://www.mvps.org/winhelp2002/hosts.htm

John

 

[Thinkatron]

Read every word here, and thank you all for some good solutions to my very similar problem: saw porn sites in boss's browser history, then images, then started seeing messages from his swinger club stuck in the spam filter--the idiot works for a government agency and uses his work email to manage his membership. Noticed lots of visits to male escort services in one major city he visited for a work conference! Have learned more about his kinky fetishes than I care to...and now ave a hard time looking him and his sweet wife (who I assume is unaware, but who knows?) in the eye. And get this: the dumbass uses the same usernames for his memberships as he does for his network logon and email! Afraid of retaliation, of course, so I like the techie solutions, such as the proxy server block. We DO have a policy against using the computer to view porn, at least.

Thanks, again, for your good ideas.

Chris

 

[aarenot]

if you actually saw thew images in the normal completion of your duties, that very likley constitutes hostile environment sexual harrasment. cya, not reporting it may make you a co-conspiriator if someone else makes a claim, and you did not report images that violate policies which you may have signed. especially if you are specificaly required to report it.

 

[Thinkatron]

Thanks for the poke, "aarenot." I am supposed to report it, and so I did. Instead of reporting it to the Board of Trustees, though, I called my LAN contact at the department that oversees all computer, internet, and e-mail for all the agencies. They have "taken it out of my hands" and will handle it "delicately." I feel like I've done my part and will now watch the show.

Thanks to all of you for speaking up on this. I Googled the topic last night and was glad to have found these posts, which fortified me!

Chris

 

[aarenot]

i hope it all turns out well. it is sometimes hard to do what you have to do. i think you did the right thing. let us know how it turns out.

 

[Thinkatron]

A report: from notifying higher authorities to resignation--8 hours. A day of drama!

Yup, the ball started rolling down a pretty steep slope the minute I shared my knowledge of his internet and email porn habits. My name wasn't mentioned, but I'm a lousy actress (and was a nervous wreck) so he might put 2 and 2 together. Whatever--he's gone.

Thanks, "aarenot" for saying "you did the right thing." I heard the same statement from the chairman of the board, and our agency attorney, and that has really helped ease the stress of finally blowing the whistle.

Phew....relief on a few levels.

Chris

 

[aarenot]

might want to start sharpening up your resume for his job. i would ask about the position, then take a few days to submit your resume so it does not appear you did this to open an advancement path. i do not think that is the case, but do not appear to have your resume ready like you were hunting for his job by your reporting him. you might offer to be an interim resource for his duties until a person is placed in the position.

i would think they are willing to trust you at this point, since you seriously diminished the liability position of the oprganization, and at considerable risk to your own employment, at least concievably so.

it is nice to hear 'you did the right thing', and it is better than just knowing inside that you did, without hearing it.

 

[Thinkatron]

Thanks for the idea and vote of confidence, but I have so much to do as the one and only IT person: nearly 100 computers and 50 users to support, one server, e-mail spam filters, plus manage two web sites. (And many of the users remain at the "how do I attach a file?" and "where did it go?" and "my screen looks different" skill level.) I used to be an administrator but much prefer having my head under the hood, so to speak.

It's interesting to watch this unfold--word is gradually getting out over the weekend and his story is "couldn't take the stress of the job any longer." That'll help him save face. (I wasn't out for blood, just wanted correct behavior from a government official.)

Chris